Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2011

Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing

Résumé

Security vulnerabilities typically arise from bugs in input validation and in the application logic. Fuzz-testing is a popular security evaluation technique in which hostile inputs are crafted and passed to the target software in order to reveal bugs. However, in the case of SCADA systems, the use of proprietary protocols makes it difficult to apply existing fuzz-testing techniques as they work best when the protocol semantics are known, targets can be instrumented and large network traces are available. This paper describes a fuzz-testing solution involving LZFuzz, an inline tool that provides a domain expert with the ability to effectively fuzz SCADA devices.
Fichier principal
Vignette du fichier
978-3-642-24864-1_5_Chapter.pdf (750.52 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-01571775 , version 1 (03-08-2017)

Licence

Paternité

Identifiants

Citer

Rebecca Shapiro, Sergey Bratus, Edmond Rogers, Sean Smith. Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing. 5th International Conference Critical Infrastructure Protection (ICCIP), Mar 2011, Hanover, NH, United States. pp.57-72, ⟨10.1007/978-3-642-24864-1_5⟩. ⟨hal-01571775⟩
149 Consultations
799 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More